diff --git a/cli.py b/cli.py
index 8fe5ac8..8a53d9a 100644
--- a/cli.py
+++ b/cli.py
@@ -39,6 +39,10 @@ def request_api(path, domain, verb, data):
         json=data,
     )
 
+    if response.status_code == 403:
+        print(f"Error: access refused because '{response.json()['status']}'")
+        sys.exit(1)
+
     # TODO: real error message
     assert response.status_code == 200, response.content
     assert response.content == b"ok", response.content
diff --git a/run.py b/run.py
index f669528..135b361 100644
--- a/run.py
+++ b/run.py
@@ -333,11 +333,11 @@ def require_token():
             # run some method that checks the request
             # for the client's authorization status
             if "X-Token" not in request.headers:
-                return json({'status': 'you need to provide a token to access the API, please refer to the README'}, 403)
+                return response.json({'status': 'you need to provide a token to access the API, please refer to the README'}, 403)
 
             if not os.path.exists("tokens"):
                 api_logger.warning("No tokens available and a user is trying to access the API")
-                return json({'status': 'invalide token'}, 403)
+                return response.json({'status': 'invalide token'}, 403)
 
             async with aiofiles.open('tokens', mode='r') as f:
                 tokens = await f.read()
@@ -347,10 +347,10 @@ def require_token():
 
             if token not in tokens:
                 api_logger.warning(f"someone tried to access the API using the {token} but it's not a valid token in the 'tokens' file")
-                return json({'status': 'invalide token'}, 403)
+                return response.json({'status': 'invalide token'}, 403)
 
-            response = await f(request, *args, **kwargs)
-            return response
+            result = await f(request, *args, **kwargs)
+            return result
         return decorated_function
     return decorator